Mail Archives: djgpp-workers/2002/01/16/10:23:31
Sure enough, there are two djgpp images there. Ideas?
------- Start of forwarded message -------
From: "Florin Ghido" <FlorinGhido AT yahoo DOT com>
To: <dj AT delorie DOT com>
Subject: 12 files from >bnu2112b.zip< ARE INFECTED with a trojan virus!
Date: Wed, 16 Jan 2002 17:11:29 +0200
Content-Type: text/plain;
charset="iso-8859-2"
X-Priority: 1
X-MSMail-Priority: High
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Hi, DJ Delorie!
I found that 12 files from the archive bnu2112b.zip
ARE INFECTED
with a trojan virus. The virus is also written in DJGPP,
and it may be found immediately by searching in the EXE files for
'stub.h generated', the second time found around
95% of the file. Being written in DJGPP, the virus has also
a stub.
The image of these files is: STUB+image+STUB+virus,
that is, two executables concatenated.
The archive is:
15.07.2001 11:47 2.707.938 bnu2112b.zip
The INFECTED files are:
03.07.2001 05:51 271.872 size.exe
03.07.2001 05:51 525.312 objdump.exe
03.07.2001 05:51 291.328 ar.exe
03.07.2001 05:51 270.848 strings.exe
03.07.2001 05:51 291.328 ranlib.exe
03.07.2001 05:51 455.168 objcopy.exe
03.07.2001 05:51 321.024 addr2line.exe
03.07.2001 05:51 330.240 nm.exe
03.07.2001 05:51 455.168 strip.exe
03.07.2001 05:51 474.112 as.exe
03.07.2001 05:51 387.584 gprof.exe
03.07.2001 05:51 448.000 ld.exe
The virus is about 9024 bytes in size, but the size can slightly
vary because of the zero padding to make filesize multiple of
512.
Please send me a response with some details you found,
or at least something to confirm you received this mail.
Best regards,
Florin Ghido
------- End of forwarded message -------
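The check the report describes (search each EXE in the archive for 'stub.h generated' and look for a second hit late in the file), as an added example that is not part of the original mail or of DJGPP. The function names are hypothetical and the sample archive is constructed filler bytes, not real DJGPP binaries.

```python
import io
import zipfile

MARKER = b"stub.h generated"  # string the report says to search for


def marker_offsets(data, marker=MARKER):
    """Return every offset at which the marker occurs in data."""
    offsets, pos = [], data.find(marker)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(marker, pos + 1)
    return offsets


def scan_zip(zip_bytes):
    """Map each .exe member holding more than one marker to (size, offsets)."""
    suspicious = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".exe"):
                continue  # the report concerns EXE files only
            data = zf.read(info)
            offsets = marker_offsets(data)
            if len(offsets) > 1:  # STUB+image+STUB+... layout
                suspicious[info.filename] = (len(data), offsets)
    return suspicious


def build_sample_zip():
    """Constructed sample: fake 512-byte 'stubs' with filler payloads."""
    stub = b"MZ" + b"\x00" * 30 + MARKER + b"\x00" * 464
    clean = stub + b"\x11" * 4096                       # one stub, one image
    appended = stub + b"\x11" * 18944 + stub + b"\x22" * 512  # two images
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("clean.exe", clean)
        zf.writestr("appended.exe", appended)
        zf.writestr("notes.txt", MARKER * 2)            # not an EXE, skipped
    return buf.getvalue()


if __name__ == "__main__":
    for name, (size, offs) in scan_zip(build_sample_zip()).items():
        where = ", ".join(f"{o} ({100 * o / size:.0f}%)" for o in offs)
        print(f"{name}: {size} bytes, marker at {where}")
```

A hit only means the file contains two stub strings; the member still has to be compared against a known-good build before drawing conclusions.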